Authentication Patterns
Session-based authentication, JWT tokens, OAuth/OIDC integration, refresh token rotation, and secure cookie handling for web applications.
- Difficulty
- intermediate
- Read time
- 1 min read
- Version
- v1.0.0
- Confidence
- established
- Last updated
Quick Reference
Use httpOnly, Secure cookies for session tokens. For JWTs: short expiry (15 min), refresh token rotation, and storage in an httpOnly cookie rather than localStorage. Implement PKCE for OAuth SPAs. Hash passwords with argon2 or bcrypt. Always verify tokens server-side. Use constant-time comparison for secrets.
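The JWT and refresh-token points above, as an added example (not code from the original page): a stdlib-only HS256 issuer and server-side verifier with a 15-minute expiry and a constant-time signature check, plus a refresh-token store that rotates on every use and revokes the token family when a spent token is replayed. The signing key is a constructed placeholder.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-key"      # constructed placeholder; load from a secret store in practice
ACCESS_TTL = 15 * 60                  # short-lived access token (15 min), as the reference recommends

def _b64(data): return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_access_token(sub, now=None):
    """Issue an HS256 JWT whose exp is ACCESS_TTL seconds from now."""
    now = int(time.time()) if now is None else now
    enc = lambda obj: _b64(json.dumps(obj, separators=(",", ":")).encode())
    head, body = enc({"alg": "HS256", "typ": "JWT"}), enc({"sub": sub, "iat": now, "exp": now + ACCESS_TTL})
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify_access_token(token, now=None):
    """Server-side check: pinned algorithm, constant-time MAC compare, then expiry. Returns claims or None."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None                # never let the token choose the algorithm
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None                # constant-time comparison of the signature
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError, AttributeError):   # malformed token: part count, base64, JSON
        return None
    return claims if claims.get("exp", 0) > now else None

class RefreshStore:
    """Rotating refresh tokens: each use spends the token and issues a new one in the same family."""
    def __init__(self):
        self.live, self.spent, self.revoked = {}, {}, set()   # token->(user,family), token->family

    def issue(self, user, family=None):
        token = secrets.token_urlsafe(32)
        self.live[token] = (user, family or secrets.token_hex(8))
        return token

    def rotate(self, token):
        if token in self.spent:                 # replay of a spent token: treat as theft, revoke family
            self.revoked.add(self.spent[token])
            return None
        entry = self.live.pop(token, None)
        if entry is None or entry[1] in self.revoked:
            return None
        user, family = entry
        self.spent[token] = family
        return user, self.issue(user, family)
```

In a real deployment the refresh token itself travels in an httpOnly, Secure cookie and the store is persisted (database or cache) rather than kept in memory.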
Use When
- Implementing user authentication
- Setting up JWT or session-based auth
- Integrating OAuth providers
- Securing API endpoints
Skip When
- Public APIs without auth
- Static sites without user accounts